Safari, Ubuntu Linux, Edge and Adobe Reader, Hacked At Pwn2Own 2017

This year, the popular Pwn2Own event has $1,000,000 up for grabs from hackers. Among the pieces of software being targeted are Apple Safari, Ubuntu Linux, Microsoft Edge and the Adobe Reader. This year, there are 11 teams in the competition with 30 threats taking part. The event began on the 15th of March and is under the sponsorship of Trend Micro.

On the very first day of the competition, some major hacks were performed with the winners taking away a total of $233,000. This ushered in heightened hacking with some of the major pieces of software being put to the test. Being the 10th iteration of the event, a lot happened including the inclusion of Linux for the very first time. The competition included Ubuntu Linux 16.10 and other pieces of software.

Qihoo 360, the firm famous for its suite of security features, focused on hacking the Adobe Reader. It employed the jpeg2000 heap overflow, an RCE, and a Windows kernel info leak. They were able to hack into the program with ease to earn the team $50,000. Although it seemed easy, it wasn’t something anyone could pull off.

Samuel Groß and Niklas Baumstark then carried out their hack on the Apple Safari app. They focused on using an escalation to root on the macOS. Theirs too was a successful hack after they employed a user-after-free (UAF) combined with some bugs to hack into the browser. For their efforts, they took home a cool $28,000. It was a very impressive hack given that it was simply done by two guys who made up the team.

Team Ether from Tencent Security focused their efforts on hacking the new Microsoft Edge browser. To perform this hack, they employed an arbitrary write in Chakra mode then combined it with a logic bug that would escape the sandbox. For their efforts, they took away an awesome $80,000. It was a significant hack that brought to light the flaws in the Edge browser.

Next on the list of the hacks was the Linux operating system. Being its first time in the completion, it was impressive seeing people focus on hacking it. Chaitin Security Research Lab employed a Linux kernel heap out-of-bound access that allowed them to take the operating system apart. For their efforts, they were rewarded with $15,000.

These were just a few of the hacks performed during the first few days of the event. However, much more were carried out including on the windows operating system and Adobe Flash. It is a great way of pointing out the flaws in pieces of software while getting paid for it. It helps firms know what is wrong with their software and fix it. Given that the teams carrying out the hacks are from companies of high repute, it is unlikely that a single hacker can be able to carry them out on their own. It is an excellent way to point out such flaws anyway.

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Related Posts